NEW: [apnscp.js] cmd() queueing. [DNS] --all flag applies DNS changes to all sites on server via scripts/change_dns.php. [Dovecot] dovecot_utf8_mailboxes, enable support for UTF-8 named mailboxes. Mailboxes containing ampersand do not require a following hyphen in UTF-8 mode. mUTF-7 is default mode. [Opcenter] OOB file descriptor reporting in --fd=X. [php] pool_owner: report pool owner for named pool. [WordPress] Plugin updates. FIXED: [afi] Prefer session ID over authenticated context in singleton instantiation to avoid infinite recursion that occurs between authorization and the implicit account initilization. Likewise this was triggered in the opcenter/ test suite. [ajax] Invalid invocations returned normal results. [Apache] Rollback results in infinite loop on missing apache group. [Auth] Revert changes introduced in 3c361e77 whereby preferences are not loaded until after login. Postponement forces tautology in IP 2FA. [Backend] Potential race condition may occur when an asynchronous signal is received, e.g. SIGCHLD, during worker resumption resulting in selected worker being incorrectly terminated. [Cache] All Redis cache types extend MProxy, which locks up a Redis connection for each profile scope as a static member. When the authentication context changes or spawning a new backend worker, the connection is refreshed. Garbage collection runs manually in backend to optimize usage patterns resulting in situations in which phpredis extension could write to an invalid descriptor. Check if gc is disabled then explicitly invokve a cycle to ensure fds are properly deinitialized. [cpcmd] multi command mode reports last command following output changes. [DNS] SRV records application. [Dovecot] 2.3 no longer implicitly trusts 127.0.0.1 for plain-text authentication. [File Manager] non-ASCII files result in garbled output. Refactor zip implemementation to ZipArchive. [MySQL] Changing mysql,dbaseadmin leaves behind old admin. [Opcenter] Deleting a site attempts SSL acquisition when [letsencrypt] => auto_bootstrap enabled. [Opcenter] Domains attached directly via aliases,aliases report as non-existent. Change aliases:domain-exists() and web:list-domains, web:split-doc-root to report these direct additions as aliases to /var/www/html. [Opcenter] Error() generated within validation routine reports incorrect module. [Opcenter] Potential race condition in /proc/self/mount query. [Opcenter] Rollback on addition before apache service proccesses results in recursive loop due to missing apache group. [Opcenter] Expiring a site from within a contexted authentication may invalidate the global authentication session. An example occurs during rampart_get_jails() called by DAPHNIE using the global authentication context to query available jails after editing a site. [SSL] Unlink certificate chain configuration when a newly imported certificate lacks a chain/intermediate. [Synchronizer] Validate PID process name during lock check. [upcp] Perform .git/ write check as update user. CHANGED: [Bootstrapper] Enhance grub.cfg rootflags= matching to reflect last listed directive. [Bootstrapper] [Dev] clean.sh interactively prompts for features when preparing an image. Installed Mitogen version is preferred. [Dovecot] Update ciphers. Disable cipher downgrade by client. [letsencrypt] renew(), append()- prune orphaned domains from certificate bundle. [node] make_default()- accept non-specific versions, e.g. v12 or "12". [personality] scan()- unparseable .htaccess file shall return false, not NULL. [PHP] Create PHP runtime configuration directory as needed. [Postfix] Smart-host via mail.smart-host no longer requires password. [Quotas] Convert XFS features in filesystem/make-mounts role to list. Features may be overridden with "xfs_quota_features". [rspamd] Update rspamd DMARC, reputation configuration. Older installs may contain literal templated key expressions that cannot parse from limitations in Jinja. These may report spurious "unknown backend" warnings. Likewise reporting is now a configuration section in 3.0+. [Scopes] net.ip4 flush namebased_ip_addrs on update. [Scopes] net.ip6 flush namebased_ip6_addrs on update. [Session] Expire cached afi instances on session invalidation. [Setup Instructions] Graceful downgrade for unprivileged users. [SSL] Enabling [letsencrypt] => auto_bootstrap [UI] Resume quota caching. [UI] Secure Access Key checks refresh key TTL in Redis. Key rolling moved to a separate cron task. [vfs] Add wget cyrpto-policies dependency. [WordPress] PHP 8.1 compatibility (see wp-cli/wp-cli#5586). [WordPress] Add "hold=" option to withhold failed installation. [Yum] Downgrade reinstalling existing package into vfs as warning [Yum] apnscp/initialize-dependencies accepts additional include_dependencies= var to denote implicit package installation. INTERNAL: [Filesystem] Rename FILESYSTEMTEMPLATE references in release annotations to "vfs": virtual filesystem. "fst" will continue to refer to /home/virtual/FILESYSTEMTEMPLATE components. "vfs" refers to composite filesystem after all layers merged up.